Potential appearances of GrapheneOS in mobile forensic reports

@[deleted]

The how and the why I'm not sure as I'm not technically savvy but I'm 100% certain they will be trying to push an exploit through GOS server onto the phones to intercept data. Whether it's illegal or not they will be trying to.

I agree they will try. However gOS operates in a different way, that won't be that easy.

They cloned the sky servers in 2019 then created an exploit in 2021 which has brought so many criminal trials.

They cloned more cryptophones' servers than just SkyECC.

There's not an encrypted phone network albeit the others were solely used by criminals that they haven't hacked or cloned the servers to intercept data.

My OSINT says the same. The only publicly available 'alternative' are these white/russian/silent/pgp/encrypted/stealth sim cards. The logical conclusion is - many people using 'cryptophones' in the past use gOS nowadays.

GOS will be no different.

We'll see.

[deleted] maybe it's a good idea for GOS to implement some sort of multi-signing for each push update they perform. It would reduce a single point of error.

[deleted]

While this certainly sounds like something the investigating authorities are aiming for, it will no longer be so easy after the latest ECJ ruling. Or, in my opinion, impossible. Someone may one day succeed in penetrating grapheneos, but there will be no hack comparable to encro or sky. There will only be targeted attacks against individuals, which, at least in Germany, will require an order from a criminal court. An investigating judge is no longer sufficient for this. Furthermore, it has now been established by the highest court in Europe that a defendant must be given full access to all the details on which his indictment is based. This means that any judge who authorizes such surveillance will actually read what he signs and instruct the investigating authorities to maintain integrity. Anom can't be used in Germany as evidence anymore.

C-670/22

    • [deleted]

    • Edited

    Nuttso IMO they will learn from their errors and it'll be done illegally and will be done for 'intelligence only' therefore catching people in the act of committing crimes and intercepted data will not be required as evidence like it is being used currently. Lots of rumours similar is happening to signal also.

    They don't play by the law as has been shown with how they have hacked past crypto phones. If they can catch some criminal bang to rights with millions of pounds worth of narcotics, in the midst of a robbery or such the messages they have intercepted won't really matter.

      [deleted] IMO they will learn from their errors and it'll be done illegally and will be done for 'intelligence only' therefore catching people in the act of committing crimes and intercepted data will not be required as evidence like it is being used currently.

      This has been used for a long time. Depending on how difficult it is for the investigating authorities to convict someone, they do not shy away from falsifying evidence. Be it that, in cooperation with the public prosecutor's office, they do not inform the investigating judge of the true circumstances, or that they happened to be at the scene, or that they are completely free to invent spies. Europol does not abide by any laws at all; it places people in criminal circles who are allowed to commit even the most serious crimes in order to prove their loyalty. They are then brought before the courts as confidants who do not have to make a direct statement. Encro and Sky have provided a small insight into the whole affair, but have changed absolutely nothing. The market is flooded with cocaine and other substances. This whole war on drugs is a joke and people in the highest political, military and police circles are playing along with it. In Germany alone, 100 kg of cocaine are consumed every day. Investigating authorities boast about finding a ton of cocaine, yet several tons arrive in the EU every day.

      A serious drug dealer will only use his grapheneos as if it were already compromised. This is also the only approach that actually protects against surprises.

      [deleted] They don't play by the law as has been shown with how they have hacked past crypto phones.

      In fact, the data was collected by encro and Sky in accordance with the law. This was also confirmed by the ECJ in the judgment I linked to. They used a little trick to circumvent certain criminal procedural regulations in some EU countries.

      [deleted] Lots of rumours similar is happening to signal also.

      We monitor this with a very simple approach. If this were true, we would know immediately. I don't want to say exactly how we do this.

      other8026 locked the discussion.

      GrapheneOS phones don't blindly trust GrapheneOS servers. To put it bluntly, it really wouldn't matter if they were compromised because malicious updates wouldn't be signed by the required keys.

      For all of the services I can think of, our phones just get data from the servers. No additional info is sent with requests. So, there's virtually zero useful user data on GrapheneOS servers (to law enforcement or whoever). Use a VPN in the owner profile to hide your IP address if you want.


      Edit to share some links:

      other8026 unlocked the discussion.

      To bring a little clarity here. Firstly, grapheneos servers are configured more securely than comparable providers. During the compilation process, the releases are signed with a key that only the developers have. Without this key, no manipulated operating system can be installed on the end devices. Every change in the source code is communicated publicly. The only damage that a server takeover could cause would be to cut off the user from the possibility of receiving updates. Which could become a problem if certain critical security updates are released that close RCEs, for example. The phones would be unprotected against publicly known security vulnerabilities as long as they do not have the latest security updates. For this very reason, grapheneos places so much emphasis on getting the security bulletins out as quickly as possible each month.

      Regardless of this, a targeted hack would be necessary. It would have to be able to bypass several security mechanisms and it would be very difficult to make this hack persistent. See verified Boot.

      This is why we only recommend grapheneos as the basis for Molly. There is nothing comparable. It would be downright negligent to recommend anything else.
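
Added example, not from the thread and not GrapheneOS code: a toy client-side check illustrating the signing argument in the posts above and the multi-signing suggestion made earlier in the thread. Lamport one-time hash signatures stand in for the real signature scheme, which the thread does not describe; `accept_update`, the 2-of-3 threshold and the sample image bytes are assumptions.

```python
import hashlib
import secrets

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; each key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def accept_update(pinned_pks, threshold, image: bytes, sigs) -> bool:
    """Hypothetical device-side rule: install only if at least `threshold`
    distinct pinned keys signed exactly these image bytes."""
    valid = {idx for idx, pk in enumerate(pinned_pks)
             if any(verify(pk, image, s) for s in sigs)}
    return len(valid) >= threshold

def demo():
    # Constructed scenario: three release signers whose public keys are pinned.
    signers = [keygen() for _ in range(3)]
    pinned = [pk for _, pk in signers]
    image = b"release-image-bytes (constructed sample)"
    sigs = [sign(signers[0][0], image), sign(signers[1][0], image)]
    tampered = image + b" modified on the server"
    unpinned_sk, _ = keygen()                     # key the device never pinned
    one_key = [sign(signers[2][0], tampered)]     # a single signer key misused
    return {
        "genuine": accept_update(pinned, 2, image, sigs),
        "server_swaps_image": accept_update(pinned, 2, tampered, sigs),
        "unpinned_key": accept_update(pinned, 2, tampered, [sign(unpinned_sk, tampered)]),
        "one_key_2of3": accept_update(pinned, 2, tampered, one_key),
        "one_key_1of3": accept_update(pinned, 1, tampered, one_key),
    }

if __name__ == "__main__":
    print(demo())
```

The last two results show the point of the multi-signing suggestion: with a single required signature one misused key is enough, with 2-of-3 it is not.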

      21 days later

      What do you mean by having GOS as the "basis" of molly? Do you mean y'all will only recommend properly configured molly installed on a properly configured GOS for maximum attainable security/privacy?

      (By molly I am assuming you're talking about that hardened fork of Signal, right?)

        GlytchMeister GOS recommend Molly due to the large attack surface of the Signal and WhatsApp apps, messages are E2EE, but it would seem that the apps are very vulnerable, I can no longer find the source on Mastodon, but I have read it.

        In addition, Accrescent, which contains the fully FOSS version of Molly, will soon be available in "Apps" to create a chain of trust.

        Oh I didn't know Accrescent was mature enough for implementation within GOS, their GitHub says it's still in early alpha. I've been avoiding Accrescent because of that. If it's mature enough for GOS's Dev team, I guess it's mature enough for me?

          4 months later

          NEW CASE
          https://gofile.io/d/Z4TgCI (The language is in Swedish, but there are some pictures for the curious folks)
          Check "Södertörns TR B 5471-24 Aktbil 60, Protokollbilaga Sekretess.pdf" it contains mostly forensic stuff from the phones.

          Between 2023-04-09 and 2023-04-13 - Mr. Y Ishak (Napoleon on Signal) with associates tried to kill a guy, it was all planned in a signal group chat.

          Long story short;
          On 2023-04-13 Police stopped a vehicle with Mr Ish*k in it, he was wanted and police found 2 phones on him, a pixel 6a in his hand and an iphone hidden in his underwear. The pixel did not have any SIM card in it, the iphone did.
          Police did not manage to extract any information from the pixel BUT 9 months later (2024-01-30) somehow they did get hold of signal messages, pictures and more.

          I'm kinda curious how? In the documents it shows that the accused had been sharing internet from his iphone to the pixel and been connected to wifi. What was the weak point? Signal? His hotspot through the iphone or maybe the router at home?

            Tekpro doesn't exist since 2017?! The name of the company was tekpro and is now "Envista Forensics" as I know. This company is popular in Sweden, Denmark and the Netherlands .....

            quepasabebe Signal? His hotspot through the iphone or maybe the router at home?

            How would any of these possibly be a weak link? I don't get it.

            Most likely he had a weak security code or he gave it to them, or he had another phone.

              wuseman Most likely he had a weak security code or he gave it to them

              That's my first thought.

              dc32f0cfe84def651e0e

              Does this mean GOS is illegal in SE??

              The Google Pixel phone is very heavily encrypted and there is no legal use for such a phone. Based on this, the Google Pixel phone should be considered a criminal tool.

                Clark
                Nope. That's written by a police officer of some sort, not by a judge or any legal entity. Presumably the meaning is "it was used to commit a crime" rather than "owning it is a crime"